Contents
Chapter 34: PKI Certificates and SSL ..... 397
Supported Platforms ..... 398
Overview ..... 399
Types of Certificates ..... 399
Distinguished Names ..... 401
SSL and Enhanced Stacking ..... 403
Guidelines ..... 404
Technical Overview ..... 405
SSL Encryption ..... 405
User Verification ..... 406
Authentication ..... 406
Public Key Infrastructure ..... 407
Public Keys ..... 407
Message Encryption ..... 407
Digital Signatures ..... 407
Certificates ..... 408
Elements of a Public Key Infrastructure ..... 409
Certificate Validation ..... 410
Certificate Revocation Lists (CRLs) ..... 410
PKI Implementation ..... 411
Chapter 35: Secure Shell (SSH) ..... 413
Supported Platforms ..... 414
Overview ..... 415
Support for SSH ..... 416
SSH Server ..... 417
SSH Clients ..... 418
SSH and Enhanced Stacking ..... 419
SSH Configuration Guidelines ..... 421
General Steps to Configuring SSH ..... 422
Chapter 36: TACACS+ and RADIUS Protocols ..... 423
Supported Platforms ..... 424
Overview ..... 425
Guidelines ..... 427
Chapter 37: Management Access Control List ..... 431
Supported Platforms ..... 432
Overview ..... 433
Parts of a Management ACE ..... 434
IP Address ..... 434
Mask ..... 434
Application ..... 434
Guidelines ..... 435
Examples ..... 436
Appendix A: AT-S63 Management Software Default Settings ..... 439
Address Resolution Protocol Cache ..... 441
Boot Configuration File ..... 442
BOOTP Relay Agent ..... 443
Class of Service ..... 444
Denial of Service Defenses ..... 445
802.1x Port-Based Network Access Control ..... 446
Enhanced Stacking ..... 448
Ethernet Protection Switching Ring (EPSR) Snooping ..... 449
Event Logs ..... 450
GVRP ..... 451